w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.
Changes: Code base has been stabilized. Additions include an auto-update feature, web application payloads, PHP static code analyzer, and more.

Download
http://packetstormsecurity.org/files/view/101683/w3af-1.0-stable.tar.bz2